Online Criminals Use Keystroke Loggers

Keystroke loggers are small programs that silently register every character you type on your keyboard. They can be used for good and bad purposes: to monitor what children do online, or to steal information from other computers, for example logins and passwords for online services, including bank account details.

Security analysts say keystroke loggers are becoming more and more common, as criminals use them to steal user credentials for financial services and perform fraudulent bank transfers.

Nowadays, we see massive phishing campaigns targeting not only personal users but corporations as well. Attackers use vulnerabilities in Microsoft software to alter the victim’s workstation configuration and facilitate communication with remote servers in order to have full control over the user’s machine.

The most common example is the Dridex malware, the older brother of Cridex. Dridex is distributed by malicious emails simulating a legitimate communication, for example an invoice, a tracking number, a fax or a message from a friend. The attached files contain a malicious macro within a Word document that automatically downloads an executable file to the victim’s computer.

This virus can only succeed on the Microsoft Windows operating system. Linux/Android and iOS systems, however, do not support executable files by default and are therefore more secure.

Cybercriminals started using macros over a decade ago, and it looks like they keep targeting Microsoft software, looking for security vulnerabilities that give them full control over the victim’s computer.
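An added example (not part of the original article): a triage function a mail filter could use to flag Word attachments that carry a VBA macro project, the delivery vehicle described above. The function name, verdict labels and sample files are assumptions constructed for this illustration, and the legacy-format check is a byte-pattern heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")     # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # stream name inside a VBA storage
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")

def classify_attachment(name: str, data: bytes) -> str:
    """Return a verdict string; the labels are this example's own, not a standard."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: OLE directory entry names are stored as UTF-16LE.
        return "macro" if VBA_STREAM in data else "legacy-no-macro"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = z.namelist()
            if "[Content_Types].xml" not in parts:
                return "not-office"
            ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "malformed"
    has_vba = any(p.lower().endswith("vbaproject.bin") for p in parts)
    if has_vba or "macroEnabled" in ctypes:
        # Macro content behind a macro-free extension is a stronger signal.
        return "macro-mismatch" if name.lower().endswith(MACRO_FREE_EXT) else "macro"
    return "clean"

def make_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-shaped zip for the demo; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [
        ("invoice.docm", make_sample(True)),
        ("invoice.docx", make_sample(True)),
        ("report.docx", make_sample(False)),
        ("fax.doc", OLE_MAGIC + b"\x00" * 16 + VBA_STREAM),
    ]
    for fname, blob in samples:
        print(f"{fname:14} {classify_attachment(fname, blob)}")
```

A "macro" or "macro-mismatch" verdict only says the container can hold VBA code; deciding whether that code is malicious still needs macro extraction and analysis.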

The Dridex spam messages came mostly from Vietnam, India, Taiwan, Korea and China, while the top three countries targeted by cybercriminals are Australia, the United Kingdom and the United States.

Fraud costs in the UK alone were over £450 million in 2013, a 13% increase compared to the previous year, and we see this trend going up over the coming years.

More and more online service companies are actively implementing security measures, systematically increasing users’ safety and security. Attackers are also looking for ways to bypass the newly implemented methods. It is a never-ending war.

The real danger comes when an attacker gains access to a user’s email. With this, it is easy to access all the user’s online accounts, such as eBay, Amazon, PayPal and others.

How to protect against keystroke loggers

To protect yourself against keystroke loggers, it is necessary to apply outbound firewall rules and encrypt keystrokes at the keyboard driver level. It is also necessary to always use a standard user account and elevate privileges when required.